Threat Encyclopedia

Advantech.iView.findCfgDeviceListDetailsExport.Path.Traversal

description-logoDescription

This indicates an attack attempt to exploit a Path Traversal Vulnerability in Advantech iView.
The vulnerability is due to improper validation of user-supplied path before using in findCfgDeviceListDetailsExport method. A remote attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted server. Successful exploitation of this vulnerability could lead to arbitrary file creation and potential for code execution on the affected system with privileges of SYSTEM.

affected-products-logoAffected Products

Advantech iView prior to 5.7.04.6469

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-28MHH1D

CVE References

CVE-2022-2139

Other References

ICSA-22-179-03

Telemetry logoTelemetry